Date: Thu, 22 Feb 2024 15:23:24 -0600
From: Vincent Stemen <vince.bsd@hightek.org>
To: freebsd-stable@freebsd.org
Subject: Re: gpart device permissions security hole (/dev/geom.ctl)
Message-ID: <Zde7TAehUyMvDQ5F@marble.hightek.org>
In-Reply-To: <slrnutei1n.1ebh.pmc@disp.intra.daemon.contact>
References: <ZdE2Hm6y5Fel2etP@marble.hightek.org> <slrnutei1n.1ebh.pmc@disp.intra.daemon.contact>
On Thu, Feb 22, 2024 at 01:12:23PM -0000, Peter 'PMc' Much wrote:
> On 2024-02-17, Vincent Stemen <vince.bsd@hightek.org> wrote:
> >
> > I have been a Unix systems administrator for well over 35 years and it's not
> > uncommon for administrators to belong to the operator group for restricted
> > admin tasks. It is completely unexpected to discover the user can wipe out
> > the whole system.
>
> Removing the number plate from your house doesn't destroy the house.
> It only might stop it from being accessed by people.

BTW, correction to my original statement. The operator can only modify
unmounted partitions. So any unmounted partitions or partitioned drives on
standby for failover, backups, etc., can have their partitions deleted or
changed, which will certainly stop access to the data on those devices.

So stopping access to your data isn't much different than destroying it if
you can never find it again. If you have a house somewhere in the country,
with no address, other than perhaps what state it is in (which drive), have
fun finding it. So your analogy is a distinction without a difference.

Not only that, if the partition table gets modified without the sys-admin
realizing it, and it gets written to, it most certainly can destroy the data.

The way it is currently, there is apparently no way to grant individual
permissions to a user, through the operator or any other group to, for
example, partition a thumb drive, because permission to modify partitions is
controlled for all geom devices via the one /dev/geom.ctl file.

We also discussed this issue more extensively in the forum.
https://forums.freebsd.org/threads/gpart-device-permissions-security-hole-dev-geom-ctl.92397/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Zde7TAehUyMvDQ5F>
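
An added audit sketch, not part of the original message and not FreeBSD's own tooling: because the message says the single /dev/geom.ctl node gates partition changes for all GEOM devices, it lists the non-root accounts that reach that node through its owning group. The function names, the sample accounts, the use of /etc/group and /etc/passwd for the live check, and treating any group access bit as sufficient are assumptions.

```shell
#!/bin/sh
# Added example: list the accounts that can open a GEOM control node through
# its owning group. Treating any group access bit as sufficient is an
# assumption of this sketch, not something the message states.

# group_bits MODE: print the group permission digit of an octal mode (640 -> 4).
group_bits() {
    echo $(( (0$1 >> 3) & 7 ))
}

# group_members GROUP GROUPFILE PASSWDFILE: print non-root accounts holding
# GROUP as a supplementary group (group file) or primary group (passwd file).
group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$2")
    {
        awk -F: -v g="$1" '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$2"
        awk -F: -v id="$gid" 'id != "" && $4 == id { print $1 }' "$3"
    } | sort -u | awk '$0 != "root"'
}

# audit_node MODE GROUP GROUPFILE PASSWDFILE: report who reaches the node.
audit_node() {
    if [ "$(group_bits "$1")" -eq 0 ]; then
        echo "group $2 has no access"
        return 0
    fi
    for u in $(group_members "$2" "$3" "$4"); do
        echo "REVIEW: $u can open the node via group $2"
    done
}

# On FreeBSD, audit the live node (BSD stat: %Lp = octal mode, %Sg = group).
if [ -c /dev/geom.ctl ]; then
    set -- $(stat -f '%Lp %Sg' /dev/geom.ctl)
    audit_node "$1" "$2" /etc/group /etc/passwd
else
    # Elsewhere, run on constructed sample data (mode, group and accounts
    # below are made up for illustration).
    d=$(mktemp -d)
    printf '%s\n' 'wheel:*:0:root' 'operator:*:5:root,alice' 'staff:*:20:' > "$d/group"
    printf '%s\n' 'root:*:0:0::/root:/bin/sh' 'alice:*:1001:20::/home/alice:/bin/sh' \
        'bob:*:1002:5::/home/bob:/bin/sh' > "$d/passwd"
    audit_node 640 operator "$d/group" "$d/passwd"
    rm -rf "$d"
fi
```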